Description
Thanks for the wonderful script!
As some others have found on the issues list, losing some network access after WireGuard is up with the new iptables rules is possible. I lost access to another VPN belonging to libreswan on the same host.
After more googling, I found another WireGuard guide suggesting that we should only do NAT if the source address is the one created by WireGuard in the iptables rules. I added -s to both the IPv4 and IPv6 lines, restarted WireGuard, and now both the WireGuard and Libreswan VPNs are working.
It might be good for the script to default to this behavior; it should save at least a subset of users who lost some of the network access they had prior to the WireGuard install.
Source of setup guide:
https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux
Changes to my wg0.conf:
PostUp = iptables -t nat -A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -A POSTROUTING -s fd42:42:42::0/64 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE
PostDown = ip6tables -t nat -D POSTROUTING -s fd42:42:42::0/64 -o eth0 -j MASQUERADE
Thanks again!
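An added example, not from the issue author or the wireguard-install project, showing the two sides of the point above: generating PostUp/PostDown lines that are scoped with -s to the WireGuard subnets, and auditing an iptables-save dump for MASQUERADE rules that lack any -s match (the kind that also rewrites traffic from other tunnels on the host). The subnets and interface are taken from the wg0.conf above; the function names and the sample dump are constructed for this example.

```shell
#!/bin/sh
# Added example (not the issue reporter's or the project's code).
# Subnets and outbound interface match the wg0.conf shown in the issue.
WG_V4_NET="10.66.66.0/24"
WG_V6_NET="fd42:42:42::0/64"
OUT_IF="eth0"

# Emit the four wg0.conf hook lines. Every rule carries "-s <wg subnet>" so
# only packets that originate inside the WireGuard subnet are masqueraded;
# traffic from other VPNs or subnets on the same host is left untouched.
wg_nat_rules() {
    for action in A D; do
        if [ "$action" = "A" ]; then hook=PostUp; else hook=PostDown; fi
        printf '%s = iptables -t nat -%s POSTROUTING -s %s -o %s -j MASQUERADE\n' \
            "$hook" "$action" "$WG_V4_NET" "$OUT_IF"
        printf '%s = ip6tables -t nat -%s POSTROUTING -s %s -o %s -j MASQUERADE\n' \
            "$hook" "$action" "$WG_V6_NET" "$OUT_IF"
    done
}

# Audit helper: read an iptables-save / ip6tables-save dump on stdin and print
# how many MASQUERADE rules have no "-s" source match at all. Any count above
# zero means the NAT rule applies to every source, which is the over-broad
# form that broke the reporter's libreswan tunnel.
count_unscoped_masquerade() {
    awk '/-j MASQUERADE/ && !/ -s /{n++} END{print n+0}'
}

# Constructed sample dump: one unscoped rule (the old script default) and one
# scoped rule (the reporter's fix).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Demo: print the generated hook lines, then audit the sample dump.
wg_nat_rules
printf 'unscoped MASQUERADE rules in sample dump: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DUMP" | count_unscoped_masquerade)"
```

On a live host the audit step is `iptables-save -t nat | count_unscoped_masquerade` (and the same with `ip6tables-save`); a result of 0 confirms that every MASQUERADE rule is tied to a specific source subnet, which is the property the reporter's change restores.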